Back from attending Check Point’s employee, partner and customer event CPX360 in Vienna, I have been asked by colleagues and customers “what’s the most noteworthy news or announcement this year?”

Most noteworthy announcement this year

While there’ve been quite a range of interesting sessions on various emerging technologies and products (including CP Maestro, CloudGuard Dome9, extension of CloudGuard IaaS, new appliances, new accelerator cards and much more (including a new partner programme that was received controversially among the partners), I think the most important, and at the same time probably most overlooked announcement, was Check Point’s Infinity 2.0 architecture.

The Check Point Infinity architecture has now been around for a couple of years providing a coherent and consolidated approach to enterprise security. Infinity 2.0 is not just an upgrade or extension to the Infinity architecture, but rather a major strategic announcement of Check Point communicating the ambitions to become a cloud security company.

Infinity 2.0 is the approach of Check Point of dealing with the ever increasing number of (a) potential attack vectors (e-mail, web, mobile, IoT, VMs, SaaS, private cloud, containers etc.) and (b) security technologies (Threat Prevention, Identity Protection, Data Security etc.) that lead to a growing number of attack vector – security technology combinations (think of a table with vectors as rows and security technologies as columns). The new architecture is moving from a quadratically growing approach (number attack vectors multiplied by number of technologies) to linear complexity. This is achieved by differentiating between Security Delivery (channels where attack vectors apply) and Security Services (technologies).

Security Services, Security Delivery and the «fog»

Security Services are centrally available and generic security technologies in the Infinity Cloud that can be instantiated on individual “form factors” by means of Nano Agents (Service Delivery), including for example, on a traditional appliance, a new IoT security gateway, a cloud environment (VM, container, etc.) or via API/SDK directly integrated in third party products. A further element in the new architecture blueprint is the so called “Fog”: a security orchestration piece that sits between the Nano Agents and the Infinity Cloud. Whether the “Fog” will reside on premise or in a local cloud (in the country of the customer) is not clear to me yet, but it seems to have been devised to solve potential challenges of the new architecture model in the areas of privacy, performance or availability.

Admittedly, the concept appears to be still quite “foggy” and it is unclear how and in what time frame it will be implemented. Nevertheless, it is a surprisingly clear commitment of Check Point to becoming a cloud-driven company and the often-omitted part of their company name (“Software Technologies”) might become even more relevant in the future.